PlexTrac provides a versatile array of report export templates for specific use cases. This selection of templates empowers users to craft informative reports that align with their objectives and preferences.
Click a card to download and view instructions about using a template. Each section may contain one or more templates and includes dedicated documentation that guides its use and implementation.
A single-scope template is a pre-built report export template best suited for documenting and addressing a single, tightly defined scope or area of concentration within a project or assessment. This innovative approach offers several advantages, making it an invaluable tool in various domains, especially cybersecurity and risk management.
Single-scope templates are helpful for the following security reports:
Vulnerability Assessment Reports: These reports identify and document vulnerabilities within a specific system, network, or application.
Penetration Testing Reports: These reports describe the methods used, vulnerabilities exploited, potential risks, and recommendations for improving security.
Compliance Assessment Reports: These templates help evaluate compliance, providing an overview of status and areas that require attention.
Incident Response Plans: Single-scope templates create incident response plans that address specific cybersecurity incidents.
Security Risk Assessments: These assessments help organizations understand potential threats and vulnerabilities within the assessed scope.
Security Incident Reports: These are used to generate incident reports that detail the incident's impact, root causes, and recommendations to prevent future incidents.
This template has options to configure the presentation of several topics. Click the link below for instructions on each topic.
Visit the Using Export Templates page for an overview of implementing the template when ready to export a report.
The Cover Page option defines the format for the cover page. Users can replace cover art and branding with any option and include additional static content, such as a disclosure statement.
References for additional Report Custom Fields beyond what is presented in the default options can be added.
Don't forget to replace the placeholder text with the organization’s name and address.
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `nn.cover_page_option` line. The number listed represents the option that will be leveraged. Modify the value to match the desired option (information on the different options is listed below).
Click each expandable section for more information.
The following guide outlines the steps to quickly onboard new users to production.
Before downloading and using a template, it is highly recommended to read the Using Templates Overview page for orientation.
Step 1: Download the single-scope template below that matches the desired report use case:
The Single Scope (Generic) Template
Pentera Integration Template
Internal Penetration Report Template
External Penetration Report Template
Step 2: Upload the downloaded single-scope Template into PlexTrac.
Reference the Using Templates Overview page for instructions on associating the export template correctly.
Step 3: Attach the single-scope template to a report.
Within the report, navigate to the Details tab. In the "Report Template" field, select the template created in Step 2 and click Save.
Step 4: Add the custom fields leveraged by the export template. Predefined custom fields are included in single-scope templates.
On the Details tab of the report, click Add Custom Field at the bottom of the page and create the following 'Report Custom Field' labels:
Author
Author Title
Author Email
Company Name
Company Address
Once completed, click Save.
Step 4 can also be completed when creating the Report Template.
Reference the 'Using Templates Overview' page for more information.
Step 5: Export the report.
Any narratives, findings, and affected assets expected in the report must be added before export.
To access additional pre-built customization options, please proceed to the following pages.
The Finding Status option lets users display each finding's status in the Finding Details section.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `nn.display_finding_status` line. The default value is `true`, which will display a finding's status in the Finding Details section. Modify the value as desired.
Color codes are applied to table headings and text to provide clear and immediate insights. Table headings can be color-coded to aid readers in prioritizing information. Severity levels are emphasized through text color codes, where "High" may appear in red, "Medium" in orange, and "Low" in blue. These color cues enable efficient data interpretation and decision-making in security-related contexts.
Step 1: Open the single-scope template.
Step 2: Go to the "COLOR CODES" section of the setup code.
Step 3: Insert the new desired hexadecimal color code into the highlighted value area to change and save the document.
Do not include the hash symbol.
The legacy highlighted colors used for visual context will not match the new color code entered in Step 3 unless updated manually in the Word document.
The Strict Narratives option allows users to choose between utilizing predetermined narratives within the report or selecting any custom narrative they prefer.
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `bb.strict_narratives` line. The value listed determines the presentation of narratives within the report. The default value is "true." Modify the value as desired.
If `bb.strict_narratives` is set to `true`, the report will expect the narratives to be present and populated:
Introduction
Methodology
Scope
Summary of Findings
These narratives will be displayed in the order above.
If `bb.strict_narratives` is set to `false`, the report will display any narrative in the report in the order entered.
The only narrative it won't show in order is a narrative with "Appendix" in the title. In that scenario, the narrative will appear at the bottom of the report.
This option allows for omitting any findings with a severity rating of "Informational." The default value is "true."
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `bb.display_informationals` line. The value listed determines if the findings will be displayed or not. Modify as desired.
If set to `true`, all findings with a severity rating of "Informational" will appear in the report.
If set to `false`, all findings with a severity rating of "Informational" will be omitted from display throughout the exported document, not tabulated in the count of findings table (called with `display_findings_count`) and omitted from display in the Finding Summary Tables and Detailed Findings.
The Summary Table option allows users to choose between multiple table presentations of findings.
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `nn.summary_table_option` line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
This option inserts a page break between each finding presented in the Detailed Findings section of the report. The default value is false.
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `bb.page_break_between_findings` line. The value listed determines whether page breaks are inserted. Change the value to "true" to have page breaks inserted.
The Finding Details option allows users to choose between multiple presentations of finding details information.
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `nn.detailed_findings_option` line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
This option allows for adding a prefix to findings in the report. The default value is " ", which means no prefix is added.
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `ss.scope_prefix` line. The value listed determines if the prefix will be displayed or not. Insert a variable to add a prefix to the automatically generated finding numbers.
The prefix will be applied to numbering in the Finding Summary and Detailed Findings sections.
This option allows for omitting any raw evidence in the report. The default value is "false."
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `bb.include_raw_evidence` line. The value listed determines if the evidence will be displayed or not. Modify as desired.
Step 4: For raw evidence to appear in the report, it must be enabled both in the report settings and within the template. Navigate to the Details tab of the report, scroll to the bottom of the page, and toggle on "Include Raw Evidence on Export."
Enabling `bb.include_raw_evidence` will significantly increase the export time and length of the report.
If `bb.strict_narratives` is set to "true," but the fields above are not in the report, the following error message will appear in the export report:
This option determines if the report displays the associated port number, protocol, service and version data for affected assets. The default value is "false."
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `bb.dispay_port_data` line. Change the value to "true" to display any associated port number, protocol, service and version data if available for affected assets.
If `bb.dispay_port_data` is set to `true`, the report displays any associated port number, protocol, service and version data for affected assets.
If `bb.dispay_port_data` is set to `false`, only the name of the affected asset(s) will be displayed in a comma-delimited list.
This option determines the number of lines inserted between each finding in the Detailed Findings Section of a report. The default value is 3.
This option is enabled only if bb.page_break_between_findings is set to "false."
Step 1: Open the single-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `nn.newlines_between_findings` line. Change the value to increase or decrease the lines inserted between each finding in the Detailed Findings Section.
The paragraph spacing is determined by the settings applied to the "Normal" style in Microsoft Word. Standard options for line spacing include single spacing (1.0), 1.5-line spacing (1.5), and double spacing (2.0). These settings can be adjusted in the "Paragraph" section of Word.
These are the included pre-built macros for the single-scope report export template. Click each expandable section for more information.
A multi-scope template is a report export template that can be used across multiple assessments as needed. Unlike other templates, it does not contain specific language for a single assessment but can be adapted for use in various security assessment reports.
Security professionals may find it beneficial to present security assessments in a comprehensive and uniform manner. This can make the reports easier to read, manage, and compare, ultimately leading to more effective security measures.
Multi-scope templates are helpful for the following security reports:
Vulnerability Assessment Results: The report lists identified vulnerabilities across the organization's network, systems, and applications.
Penetration Testing Findings: Clients often use this template for the following penetration tests: Internal, External, Web Application, Mobile Application, Wireless, Social, and Physical Security.
Incident Response Analysis: The report evaluates the effectiveness of the incident response plan and offers suggestions for improving incident detection.
Network Traffic Analysis: Suspicious network activity is identified, and recommendations are made for bolstering network monitoring and intrusion detection.
This template has options to configure the presentation of several topics. Click the link below for instructions on each topic.
Visit the Using Export Templates page for an overview of implementing the template when ready to export a report.
Color codes are applied to table headings and text to provide clear and immediate insights. Table headings can be color-coded to aid readers in prioritizing information. Severity levels are emphasized through text color codes, where "High" may appear in red, "Medium" in orange, and "Low" in blue. These color cues enable efficient data interpretation and decision-making in security-related contexts.
Step 1: Open the multi-scope template.
Step 2: Go to the "COLOR CODES" section of the setup code.
Do not include the hash symbol.
The legacy highlighted colors used for visual context will not match the new color code entered in Step 3 unless updated manually in the Word document.
The following guide outlines the steps to quickly onboard new users to production.
Step 1: Download the multi-scope template below:
Step 2: Upload the downloaded multi-scope Template into PlexTrac.
Step 3: Attach the multi-scope template to a report.
Within the report, navigate to the Details tab. In the "Report Template" field, select the template created in Step 2 and click Save.
Step 4: Add the custom fields leveraged by the export template. Predefined custom fields are included in single-scope templates.
On the Details tab of the report, click Add Custom Field at the bottom of the page and create the following 'Report Custom Field' labels:
Author
Author Title
Author Email
Company Name
Company Address
Once completed, click Save.
Step 4 can also be completed when creating the Report Template.
Step 5: Add and tag findings with their associated scope.
Step 6: When exporting the report, select the desired scope(s) to be included. These scope tags are available for use:
If tagging the report with `mobile` or `webapp`, see Step 7. Otherwise, skip to Step 8.
Step 7: If the Report is tagged with `mobile` or `webapp`, add `mobile` or `webapp` tags for findings, AND add the appropriate related tags below.
The exported report can display the OWASP risks using these tags:
Please note these findings tags are specific to mobile and web apps. Mobile OWASP tags will only function with mobile findings, and web app OWASP tags will only work with Web App Findings.
Any narratives, findings, and affected assets expected in the report must be added before export.
To access additional pre-built customization options, please proceed to the following pages.
The Strict Narratives option allows users to choose between utilizing predetermined narratives within the report or selecting any custom narrative they prefer.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `bb.strict_narratives` line. The value listed determines the presentation of narratives within the report. The default value is "true." Modify the value as desired.
If `bb.strict_narratives` is set to `true`, the report will expect the narratives to be present and populated:
Introduction
Methodology
Scope
Summary of Findings
These narratives will be displayed in the order above.
If `bb.strict_narratives` is set to `false`, the report will display any narrative in the report in the order entered.
The only narrative it won't show in order is a narrative with "Appendix" in the title. In that scenario, the narrative will appear at the bottom of the report.
The Cover Page option defines the format for the cover page. Users can replace cover art and branding with any option and include additional static content, such as a disclosure statement.
References for additional Report Custom Fields beyond what is presented in the default options can be added.
Don't forget to replace the placeholder text with the organization’s name and address.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `nn.cover_page_option` line. The number listed represents the option that will be leveraged. Modify the value to match the desired option (information on the different options is listed below).
Click each expandable section for more information.
Step 3: Insert the new desired hexadecimal color code into the highlighted area of the value to change and save the document.
Before downloading and using a template, reading the Using Templates Overview page for orientation is highly recommended.
Reference the Using Templates Overview page for instructions on associating the export template correctly.
Reference the 'Using Templates Overview' page for more information.
tag | description |
---|---|
internal | Internal Penetration Report |
external | External Penetration Report |
wireless | Wireless Penetration Report |
mobile | Mobile Application Report (OWASP Top 10) |
webapp | Web Application Report (OWASP Top 10) |
social | Social Engineering Report |
physical | Physical Penetration Test Report |

tag | description and link to more information |
---|---|
m01 | |
m02 | |
m03 | |
m04 | |
m05 | |
m06 | |
m07 | |
m08 | |
m09 | |
m10 | |

tag | description and link to more information |
---|---|
a01 | |
a02 | |
a03 | |
a04 | |
a05 | |
a06 | |
a07 | |
a08 | |
a09 | |
a10 | |

Step 8: .
If `bb.strict_narratives` is set to "true," but the fields above are not in the report, the following error message will appear in the export report:
The Finding Status option lets users display each finding's status in the Finding Details section.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `nn.display_finding_status` line. The default value is `true`, which will display a finding's status in the Finding Details section. Modify the value as desired.
This option allows users to choose between multiple presentations of a table that displays the overall findings count by severity.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `nn.display_findings_count` line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
The Summary Table option allows users to choose between multiple table presentations of findings.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `nn.summary_table_option` line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
The Finding Details option allows users to choose between multiple presentations of finding details information.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `nn.detailed_findings_option` line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
This option inserts a page break between each finding presented in the Detailed Findings section of the report. The default value is false.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `bb.page_break_between_findings` line. The value listed determines whether page breaks are inserted. Change the value to "true" to have page breaks inserted.
This option allows for omitting any findings with a severity rating of "Informational." The default value is "true."
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `bb.display_informationals` line. The value listed determines if the findings will be displayed or not. Modify as desired.
If set to `true`, all findings with a severity rating of "Informational" will appear in the report.
If set to `false`, all findings with a severity rating of "Informational" will be omitted from display throughout the exported document, not tabulated in the count of findings table (called with `display_findings_count`) and omitted from display in the Finding Summary Tables and Detailed Findings.
This option allows for omitting any raw evidence in the report. The default value is "false."
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `bb.include_raw_evidence` line. The value listed determines if the evidence will be displayed or not. Modify as desired.
Step 4: For raw evidence to appear in the report, it must be enabled both in the report settings and within the template. Navigate to the Details tab of the report, scroll to the bottom of the page, and toggle on "Include Raw Evidence on Export."
Enabling `bb.include_raw_evidence` will significantly increase the export time and length of the report.
This option determines the number of lines inserted between each finding in the Detailed Findings Section of a report. The default value is 3.
This option is enabled only if bb.page_break_between_findings is set to "false."
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `nn.newlines_between_findings` line. Change the value to increase or decrease the lines inserted between each finding in the Detailed Findings Section.
The paragraph spacing is determined by the settings applied to the "Normal" style in Microsoft Word. Standard options for line spacing include single spacing (1.0), 1.5-line spacing (1.5), and double spacing (2.0). These settings can be adjusted in the "Paragraph" section of Word.
The Multi-Scope Report Export template has incorporated definitions related to findings, scopes, and prefixes. These organize and reference findings within different areas or scopes. This arrangement can simplify generating consistent and well-organized reports or documents.
This template has the following scope tags and prefixes set by default for the reference numbers assigned to findings in each scope.
Step 1: Open the multi-scope template.
Step 2: Go to the "SCOPE DEFINITIONS" section of the setup code.
Step 3: Go to the desired line and change the value inside the quotations as needed. Each scope has two lines: one for the tag value and one for the prefix value.
Scope | Scope Tag Value | Scope Prefix Value |
---|---|---|
Internal | internal | INT |
External | external | EXT |
Wireless | wireless | WLN |
Mobile Application | mobile | MBL |
Web Application | webapp | APP |
Social Engineering | social | SOC |
Physical | physical | PHY |
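A pre-export check for the multi-scope tagging and narrative rules described on this page, written as an added example (it is not PlexTrac code): it flags missing strict narratives, findings without a scope tag, and OWASP tags placed on the wrong kind of finding. The `report` dictionary layout, the function names and the sample data are assumptions of this example, not the PlexTrac API or export schema.

```python
import re

# Scope tag -> finding reference prefix, copied from the page's default table.
SCOPE_PREFIXES = {
    "internal": "INT", "external": "EXT", "wireless": "WLN", "mobile": "MBL",
    "webapp": "APP", "social": "SOC", "physical": "PHY",
}
# Narratives the export expects when bb.strict_narratives is true.
STRICT_NARRATIVES = ("Introduction", "Methodology", "Scope", "Summary of Findings")
# m01-m10 only function on mobile findings, a01-a10 only on webapp findings.
OWASP_TAG = re.compile(r"^([am])(0[1-9]|10)$")
OWASP_SCOPE = {"m": "mobile", "a": "webapp"}


def narrative_order(titles):
    """Display order when bb.strict_narratives is false: entry order, with any
    title containing "Appendix" moved to the bottom. Matching the word
    case-insensitively is an assumption of this example."""
    body = [t for t in titles if "appendix" not in t.lower()]
    tail = [t for t in titles if "appendix" in t.lower()]
    return body + tail


def lint_report(report, export_scopes, strict_narratives=True):
    """Return a list of problems to fix before export; empty means clean.

    `report` is a hypothetical dict (not the PlexTrac schema):
    {"narratives": [{"title", "body"}], "findings": [{"title", "tags"}]}.
    `export_scopes` are the scope tags selected at export time.
    """
    issues = []
    for scope in export_scopes:
        if scope not in SCOPE_PREFIXES:
            issues.append(f"export scope '{scope}' is not a defined scope tag")

    if strict_narratives:
        populated = {n["title"] for n in report["narratives"]
                     if n.get("body", "").strip()}
        for title in STRICT_NARRATIVES:
            if title not in populated:
                issues.append(f"narrative '{title}' is missing or empty")

    for finding in report["findings"]:
        name = finding["title"]
        tags = {t.lower() for t in finding["tags"]}
        scopes = tags & set(SCOPE_PREFIXES)
        if not scopes:
            issues.append(f"finding '{name}' has no scope tag")

        owasp_scopes = set()  # scopes for which this finding carries an OWASP tag
        for tag in sorted(tags):
            match = OWASP_TAG.match(tag)
            if not match:
                continue
            needed = OWASP_SCOPE[match.group(1)]
            owasp_scopes.add(needed)
            if needed not in tags:
                issues.append(f"finding '{name}': tag '{tag}' needs the '{needed}' tag")

        # Step 7: mobile/webapp findings also need their related OWASP tag.
        for scope in ("mobile", "webapp"):
            if scope in scopes and scope in export_scopes and scope not in owasp_scopes:
                issues.append(f"finding '{name}' is tagged '{scope}' but has no OWASP tag")
    return issues


# Constructed sample report, for illustration only.
SAMPLE_REPORT = {
    "narratives": [
        {"title": "Introduction", "body": "Engagement overview."},
        {"title": "Methodology", "body": "Testing approach."},
        {"title": "Scope", "body": ""},
        {"title": "Summary of Findings", "body": "Four findings."},
    ],
    "findings": [
        {"title": "IDOR on invoices", "tags": ["webapp", "a01"]},
        {"title": "Hardcoded API key", "tags": ["internal", "m01"]},
        {"title": "Open guest SSID", "tags": []},
        {"title": "Verbose errors", "tags": ["webapp"]},
    ],
}

if __name__ == "__main__":
    for problem in lint_report(SAMPLE_REPORT, ["webapp", "internal"]):
        print(problem)
```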
An ISO 27001 template is a report export template that can inject the data input into PlexTrac's Assessments module and create an ISO 27001 Assessment Report. An ISO 27001 Assessment Report is generated as part of the ISO 27001 certification process, a globally recognized standard for information security management systems.
Although some customers may require additional assistance beyond the automated features provided by this template, it remains a valuable resource for aiding the assessment process. Furthermore, the PTRAC presented as an example in this assessment can benefit those seeking to maximize their use of the PlexTrac platform in the context of this ISO 27001 assessment.
Click the box to download the report export template.
This template has options to configure the presentation of several topics. Click the link below for instructions on each topic.
Visit the Using Export Templates page for an overview of implementing the template when ready to export a report.
These are the included pre-built macros for the multi-scope report export template. Click each expandable section for more information.
This option determines if the report displays the associated port number, protocol, service and version data for affected assets. The default value is "false."
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the `bb.dispay_port_data` line. Change the value to "true" to display any associated port number, protocol, service and version data if available for affected assets.
If `bb.dispay_port_data` is set to `true`, the report displays any associated port number, protocol, service and version data for affected assets.
If `bb.dispay_port_data` is set to `false`, only the name of the affected asset(s) will be displayed in a comma-delimited list.
Color codes are applied to table headings and text to provide clear and immediate insights. Table headings can be color-coded to aid readers in prioritizing information. Different compliance levels are emphasized through text color codes, where "Not Compliant" may appear in red, "Managed" in orange, and "Not Applicable" in blue. These color cues enable efficient data interpretation and decision-making in security-related contexts.
Step 1: Open the ISO 27001 template.
Step 2: Go to the "COLOR CODES" section of the setup code.
Step 3: Insert the new desired hexadecimal color code into the highlighted area of the value to change and save the document.
Do not include the hash symbol.
The legacy highlighted colors used for visual context will not match the new color code entered in Step 3 unless updated manually in the Word document.
The Cover Page option defines the format for the cover page. Users can replace cover art and branding with any option and include additional static content, such as a disclosure statement.
References for additional Report Custom Fields beyond what is presented in the default options can be added.
Don't forget to replace the placeholder text with the organization’s name and address.
Step 1: Open the ISO 27001 template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the `nn.cover_page_option` line. The number listed represents the option that will be leveraged. Modify the value to match the desired option (information on the different options is listed below).
Click each expandable section for more information.
Modify the fill color and other attributes of embedded graphics to match the organization's color palette by selecting the shape to modify, clicking the Shape Format tab, and changing the shape style attributes.
The Summary Table option allows users to choose between multiple table presentations of findings.
Step 1: Open the ISO 27001 template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the `nn.summary_table_option` line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
For help changing the color scheme of an option, refer to the Color Codes page.
The Maturity Tables option allows users to choose between multiple table presentations of the maturity level summary table.
Step 1: Open the ISO 27001 template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the `nn.maturity_summary_table_option` line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
The Compliance Tables option allows users to choose between multiple table presentations of the compliance summary table.
Step 1: Open the ISO 27001 template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the `nn.compliance_summary_table_option` line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
The Detailed Controls option allows users to choose if the "Detailed Controls" section of the template is included in the report.
Step 1: Open the ISO 27001 template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the `bb.display_detailed_controls` line. Modify the value as desired.
If set to `true`, the "Detailed Controls" section of the template will be omitted.
If set to `false`, the "Detailed Controls" section of the template will be included in the report.
This option determines the number of lines inserted between each finding in the Detailed Findings Section of a report. The default value is 3.
This option is enabled only if `bb.page_break_between_controls` is set to "false."
Step 1: Open the ISO 27001 template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the `nn.newlines_between_controls` line. Change the value to increase or decrease the lines inserted between each control.
The paragraph spacing is determined by the settings applied to the "Normal" style in Microsoft Word. Standard options for line spacing include single spacing (1.0), 1.5-line spacing (1.5), and double spacing (2.0). These settings can be adjusted in the "Paragraph" section of Word.
This option inserts a page break between each finding presented in the Detailed Findings section of the report. The default value is false.
Step 1: Open the ISO 27001 template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the `bb.page_break_between_controls` line. The value listed determines whether page breaks are inserted. Change the value to "true" to have page breaks inserted.
If set to `true`, a page break will be inserted between each control.
If set to `false`, no page breaks will be inserted between each control.
The Detailed Controls option allows users to choose between multiple table presentations of the compliance summary table.
Step 1: Open the ISO 27001 template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the bb.display_detailed_controls_options line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
These are the included pre-built macros for the ISO 27001 report export template. Click each expandable section for more information.
OWASP templates are pre-built variations of the single-scope report export template that output a structure optimized for an OWASP report. One is for web applications and the other is for mobile applications.
OWASP reports enhance web application security by providing valuable insights, guidance, and resources to help organizations and developers protect their web applications from common threats and vulnerabilities. One of the key publications from OWASP is the "OWASP Top Ten," which documents the top ten most critical web application security risks.
Click the box to download the report export template.
Findings within the Web Application Report must be tagged with the following to accurately display OWASP risks identified on the exported report.
Available Finding Tags: a01, a02, a03, a04, a05, a06, a07, a08, a09, a10
Example: Findings tagged with 'a01' will associate a finding with 'A01: Broken Access Control' outlined in the OWASP Top 10 Web Application Security Risks list.
Click the box to download the report export template.
Findings within the Web Application Report must be tagged with the following to accurately display OWASP risks identified on the exported report.
Available Finding Tags: m01, m02, m03, m04, m05, m06, m07, m08, m09, m10
Example: Findings tagged with 'm01' will associate a finding with 'M01: Improper Credential Usage' outlined in the OWASP Top 10 Mobile Application Security Risks list.
This template has options to configure the presentation of several topics. Click the link below for instructions on each topic.
Visit the Using Export Templates page for an overview of implementing the template when ready to export a report.
The following guide outlines the steps to quickly onboard new users to production.
Before downloading and using a template, it is highly recommended to read the Using Templates Overview page for orientation.
Step 1: Download the OWASP template below that matches the desired report use case:
Web Application OWASP Report Template
Mobile Application OWASP Report Template
Step 2: Upload the downloaded single-scope Template into PlexTrac.
Reference the Using Templates Overview page for instructions on associating the export template correctly.
Step 3: Attach the single-scope template to a report.
Within the report, navigate to the Details tab. In the "Report Template" field, select the template created in Step 2 and click Save.
Step 4: Add the custom fields leveraged by the export template. Predefined custom fields are included in single-scope templates.
On the Details tab of the report, click Add Custom Field at the bottom of the page and create the following 'Report Custom Field' labels:
Author 1
Author 1 Title
Author 1 Email
Company 1 Name
Company 1 Address
Once completed, click Save.
Step 4 can also be completed when creating the Report Template.
Reference the 'Using Templates Overview' page for more information.
Step 4 can also be extended to a Secondary Author.
Reference the 'Version Control' page for more information.
Step 5: Add and tag findings with their associated OWASP Top 10 risk.
The following Findings Tags (detailed below) will allow Findings within the exported Report to display correct information within certain sections of your Report. These Tags will only function appropriately within their respective scoped report.
Web Application OWASP Top 10 Tags (highlighted in yellow)
a03 - A03:2021 - Injection
Mobile Application OWASP Top 10 Tags (highlighted in yellow)
Step 6: Export the report.
Any narratives, findings, and affected assets expected in the report must be added before export.
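A pre-export check for the tagging rule in Step 5, as an added example that is not part of PlexTrac or its templates: it flags findings with no OWASP tag for the report's scope, tags from the other template, and near-miss spellings. The finding records are constructed sample data rather than PlexTrac's export format, exact lowercase tag matching is an assumption, and risk names other than A01, A03 and M01 come from the OWASP lists rather than this page.

```python
import re

# Tag -> risk name. A01, A03 and M01 are named on this page; the other names
# come from the OWASP Top 10 (2021) and OWASP Mobile Top 10 (2024) lists.
WEB_RISKS = {
    "a01": "Broken Access Control",
    "a02": "Cryptographic Failures",
    "a03": "Injection",
    "a04": "Insecure Design",
    "a05": "Security Misconfiguration",
    "a06": "Vulnerable and Outdated Components",
    "a07": "Identification and Authentication Failures",
    "a08": "Software and Data Integrity Failures",
    "a09": "Security Logging and Monitoring Failures",
    "a10": "Server-Side Request Forgery",
}
MOBILE_RISKS = {
    "m01": "Improper Credential Usage",
    "m02": "Inadequate Supply Chain Security",
    "m03": "Insecure Authentication/Authorization",
    "m04": "Insufficient Input/Output Validation",
    "m05": "Insecure Communication",
    "m06": "Inadequate Privacy Controls",
    "m07": "Insufficient Binary Protections",
    "m08": "Security Misconfiguration",
    "m09": "Insecure Data Storage",
    "m10": "Insufficient Cryptography",
}
RISKS_BY_SCOPE = {"web": WEB_RISKS, "mobile": MOBILE_RISKS}
ALL_TAGS = set(WEB_RISKS) | set(MOBILE_RISKS)
# Spellings that resemble an OWASP tag but are not exact, e.g. A03, a3, m-01.
NEAR_MISS = re.compile(r"^([am])[-_ ]?0*(\d{1,2})$", re.IGNORECASE)


def lint_findings(findings, scope):
    """Return (title, problem) pairs for findings that will not map to a risk."""
    expected = RISKS_BY_SCOPE[scope]
    problems = []
    for finding in findings:
        title, tags = finding["title"], finding.get("tags", [])
        for tag in tags:
            if tag in expected:
                continue
            if tag in ALL_TAGS:  # valid tag, but for the other template
                problems.append((title, f"'{tag}' belongs to the other OWASP template"))
            elif (match := NEAR_MISS.match(tag)):
                fixed = f"{match.group(1).lower()}{int(match.group(2)):02d}"
                if fixed in ALL_TAGS:
                    problems.append((title, f"'{tag}' is not an exact tag, expected '{fixed}'"))
        if not any(tag in expected for tag in tags):
            problems.append((title, f"no {scope} OWASP tag"))
    return problems


def findings_by_risk(findings, scope):
    """Group finding titles under labels such as 'A01: Broken Access Control'."""
    risks, grouped = RISKS_BY_SCOPE[scope], {}
    for finding in findings:
        for tag in finding.get("tags", []):
            if tag in risks:
                grouped.setdefault(f"{tag.upper()}: {risks[tag]}", []).append(finding["title"])
    return grouped


# Constructed sample findings (hypothetical titles and tags).
SAMPLE_FINDINGS = [
    {"title": "IDOR on invoice endpoint", "tags": ["a01", "api"]},
    {"title": "SQL injection in search", "tags": ["A03"]},
    {"title": "Hardcoded API key", "tags": ["m01"]},
    {"title": "Verbose server banner", "tags": ["info"]},
]

if __name__ == "__main__":
    for title, problem in lint_findings(SAMPLE_FINDINGS, "web"):
        print(f"{title}: {problem}")
```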
To access additional pre-built customization options, please proceed to the following pages.
Color codes are applied to table headings and text to provide clear and immediate insights. Table headings can be color-coded to aid readers in prioritizing information. Severity levels are emphasized through text color codes, where "High" may appear in red, "Medium" in orange, and "Low" in blue. These color cues enable efficient data interpretation and decision-making in security-related contexts.
Step 1: Open the OWASP template.
Step 2: Go to the "COLOR CODES" section of the setup code.
Do not include the hash symbol.
The legacy highlighted colors used for visual context will not match the new color code entered in Step 3 unless updated manually in the Word document.
The Strict Narratives option allows users to choose between utilizing predetermined narratives within the report or selecting any custom narrative they prefer.
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.strict_narratives line. The value listed determines the presentation of narratives within the report. The default value is "true." Modify the value as desired.
If bb.strict_narratives is set to true, the report will expect the narratives to be present and populated. The structure of the expected narratives is based on the recommendations made by the OWASP Organization.
Disclaimer
The Team
Methodology
Timeline
Scope
Limitations
Summary of Findings
These narratives will be displayed in the order above.
If bb.strict_narratives is set to false, the report will display any narrative in the report in the order entered.
The only narrative it won't show in order is a narrative with "Appendix" in the title. In that scenario, the narrative will appear at the bottom of the report.
Step 3: Insert the new desired hexadecimal color code into the highlighted area of the value to change and save the document.
If bb.strict_narratives is set to "true," but the fields above are not in the report, the following error message will appear in the export report:
The Display Version Control option allows users to choose between....
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.display_version_control_option line. The value listed determines the different pre-built Version Control tables made within the template. The default value is "1". There will be a total of 2 options available. Modify the value with "1" or "2" as desired.
If nn.display_version_control_option is set to 1, the report will generate and display the pre-built option of having a single 'Primary' column presented in the "PROJECT CONTACTS & DOCUMENT HISTORY" section of the expected report.
This option will function solely with the following Report Custom Fields:
Author 1
Author 1 Title
Author 1 Phone
Author 1 Email
If nn.display_version_control_option is set to 2, the report will generate and display the pre-built option of having a "Primary" column and a "Secondary" column presented in the "PROJECT CONTACTS & DOCUMENT HISTORY" section of the expected report.
This option will function with the following Report Custom Fields:
Author 1
Author 1 Title
Author 1 Phone
Author 1 Email
Author 2
Author 2 Title
Author 2 Phone
Author 2 Email
Please Note: The "Report Version History" table must be updated manually beyond the "Initial Report" version.
The Cover Page option defines the format for the cover page. Users can replace cover art and branding with any option and include additional static content, such as a disclosure statement.
References for additional Report Custom Fields beyond what is presented in the default options can be added.
Don't forget to replace the placeholder text with the organization’s name and address.
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.cover_page_option line. The number listed represents the option that will be leveraged. Modify the value to match the desired option (information on the different options is listed below).
Click each expandable section for more information.
This option allows users to choose between multiple presentations of a table that displays the overall findings count by severity.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.display_findings_count line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
The Summary Table option allows users to choose between multiple table presentations of findings.
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.summary_table_option line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
The Finding Details option allows users to choose between multiple presentations of finding details information.
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.detailed_findings_option line. The number listed represents the option that will be leveraged. Modify the value as desired.
Step 4: Go to the bb.display_finding_status line. The default value will be set to true and will display whether the finding's status is "Open", "In Process", or "Closed". If the default value is changed to false, the finding status will not be displayed.
Click each expandable section for more information.
The Finding Status option lets users display each finding's status in the Finding Details section.
Step 1: Open the multi-scope template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.display_finding_status line. The default value is true, which will display a finding's status in the Finding Details section. Modify the value as desired.
This option allows for omitting any findings with a severity rating of "Informational." The default value is "true."
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.display_informationals line. The value listed determines if the findings will be displayed or not. Modify as desired.
If set to true, all findings with a severity rating of "Informational" will appear in the report.
If set to false, all findings with a severity rating of "Informational" will be omitted from display throughout the exported document, not tabulated in the count of findings table (called with display_findings_count) and omitted from display in the Finding Summary Tables and Detailed Findings.
A test plan is the documented form of an organization's procedures for conducting a task or series of tasks. The purpose of a runbook is to script engagements down to the command-line level, building a library of engagements that ensures robust execution and coverage of an engagement objective while efficiently collecting valuable evidence for reporting.
This template differs from the others by displaying and configuring procedure data in the report.
Click the box to download the report export template.
This template has options to configure the presentation of several topics. Click the link below for instructions on each topic.
Visit the Using Export Templates page for an overview of implementing the template when ready to export a report.
Color codes are applied to table headings and text to provide clear and immediate insights. Table headings can be color-coded to aid readers in prioritizing information. Severity levels are emphasized through text color codes, where "High" may appear in red, "Medium" in orange, and "Low" in blue. These color cues enable efficient data interpretation and decision-making in security-related contexts.
Step 1: Open the runbooks template.
Step 2: Go to the "COLOR CODES" section of the setup code.
Step 3: Insert the new desired hexadecimal color code into the highlighted area of the value to change and save the document.
Do not include the hash symbol.
The legacy highlighted colors used for visual context will not match the new color code entered in Step 3 unless updated manually in the Word document.
This option inserts a page break between each finding presented in the Detailed Findings section of the report. The default value is false.
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.page_break_between_findings line. The value listed determines if the prefix will be displayed or not. Change the value to "true" to have page breaks inserted.
This option allows for omitting any raw evidence in the report. The default value is "false."
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.include_raw_evidence line. The value listed determines if the evidence will be displayed or not. Modify as desired.
Step 4: For raw evidence to appear in the report, it must be enabled both in the report settings and within the template. Navigate to the Details tab of the report, scroll to the bottom of the page, and toggle on "Include Raw Evidence on Export."
Enabling bb.include_raw_evidence will significantly increase the export time and length of the report.
The Strict Narratives option allows users to choose between utilizing predetermined narratives within the report or selecting any custom narrative they prefer.
Step 1: Open the runbooks template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the bb.strict_narratives line. The value listed determines the presentation of narratives within the report. The default value is "true." Modify the value as desired.
If set to true, the report will expect the narratives to be present and populated:
Introduction
Methodology
Scope
Summary of Findings
These narratives will be displayed in the order above.
If set to false, the report will display any narrative in the report in the order entered.
The only narrative it won't show in order is a narrative with "Appendix" in the title. In that scenario, the narrative will appear at the bottom of the report.
This option determines the number of lines inserted between each finding in the Detailed Findings Section of a report. The default value is 3.
This option is enabled only if bb.page_break_between_findings is set to "false."
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the nn.newlines_between_findings line. Change the value to increase or decrease the lines inserted between each finding in the Detailed Findings Section.
The paragraph spacing is determined by the settings applied to the "Normal" style in Microsoft Word. Standard options for line spacing include single spacing (1.0), 1.5-line spacing (1.5), and double spacing (2.0). These settings can be adjusted in the "Paragraph" section of Word.
This option determines if the report displays the associated port number, protocol, service and version data for affected assets. The default value is "false."
Step 1: Open the OWASP template.
Step 2: Go to the "OPTION TOGGLES" section of the setup code.
Step 3: Go to the bb.dispay_port_data line. Change the value to "true" to display any associated port number, protocol, service and version data if available for affected assets.
If bb.dispay_port_data is set to true, the report displays any associated port number, protocol, service and version data for affected assets.
If bb.dispay_port_data is set to false, only the name of the affected asset(s) will be displayed in a comma-delimited list.
The Finding Details option allows users to choose between multiple presentations of finding details information.
Step 1: Open the runbooks template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the nn.detailed_findings_option line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
If bb.strict_narratives is set to "true," but the fields above are not in the report, the following error message will appear in the export report:
The Summary Table option allows users to choose between multiple table presentations of findings.
Step 1: Open the runbooks template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the nn.summary_table_option line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
This option allows for omitting any findings with a severity rating of "Informational." The default value is "true."
Step 1: Open the runbooks template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the bb.display_informationals line. The value listed determines if the findings will be displayed or not. Modify as desired.
If set to true, all findings with a severity rating of "Informational" will appear in the report.
If set to false, all findings with a severity rating of "Informational" will be omitted from display throughout the exported document, not tabulated in the count of findings table (called with display_findings_count) and omitted from display in the Finding Summary Tables and Detailed Findings.
The Cover Page option defines the format for the cover page. Users can replace cover art and branding with any option and include additional static content, such as a disclosure statement.
References for additional Report Custom Fields beyond what is presented in the default options can be added.
Don't forget to replace the placeholder text with the organization’s name and address.
Step 1: Open the runbooks template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the nn.cover_page_option line. The number listed represents the option that will be leveraged. Modify the value to match the desired option (information on the different options is listed below).
Click each expandable section for more information.
This option inserts a page break between each finding presented in the Detailed Findings section of the report. The default value is false.
Step 1: Open the runbooks template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the bb.page_break_between_findings line. The value listed determines if the prefix will be displayed or not. Change the value to "true" to have page breaks inserted.
This option allows for omitting any raw evidence in the report. The default value is "false."
Step 1: Open the runbook template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the bb.include_raw_evidence line. The value listed determines if the evidence will be displayed or not. Modify as desired.
Step 4: For raw evidence to appear in the report, it must be enabled both in the report settings and within the template. Navigate to the Details tab of the report, scroll to the bottom of the page, and toggle on "Include Raw Evidence on Export."
Enabling bb.include_raw_evidence will significantly increase the export time and length of the report.
This option allows for adding a prefix to findings in the report. The default value is " ", which means no prefix is added.
Step 1: Open the runbooks template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the ss.scope_prefix line. The value listed determines if the prefix will be displayed or not. Insert a variable to add a prefix to the automatically generated finding numbers.
The prefix will be applied to numbering in the Finding Summary and Detailed Findings sections.
This option determines the number of lines inserted between each finding in the Detailed Findings Section of a report. The default value is 3.
This option is enabled only if bb.page_break_between_findings is set to "false."
Step 1: Open the runbooks template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the nn.newlines_between_findings line. Change the value to increase or decrease the lines inserted between each finding in the Detailed Findings Section.
The paragraph spacing is determined by the settings applied to the "Normal" style in Microsoft Word. Standard options for line spacing include single spacing (1.0), 1.5-line spacing (1.5), and double spacing (2.0). These settings can be adjusted in the "Paragraph" section of Word.
This option determines if the report displays the associated port number, protocol, service and version data for affected assets. The default value is "false."
Step 1: Open the runbooks template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the bb.dispay_port_data line. Change the value to "true" to display any associated port number, protocol, service and version data if available for affected assets.
If set to true, the report displays any associated port number, protocol, service and version data for affected assets.
If set to false, only the name of the affected asset(s) will be displayed in a comma-delimited list.
The Display Procedure option allows users to choose if the "Procedure" section of the template is included in the report. This is tied to the procedure data that is created when doing an engagement in the Runbooks module. The default setting is true.
Step 1: Open the runbooks template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the bb.dispay_procedure_data line. Modify the value as desired.
This option allows users to choose between presentations of the procedure section. The default value is 3.
Step 1: Open the runbooks template.
Step 2: Go to the "OPTION DEFINITIONS" section of the setup code.
Step 3: Go to the nn.procedure_data_style line. The number listed represents the option that will be leveraged. Modify the value as desired.
Click each expandable section for more information.
These are the included pre-built macros for the runbooks report export template. Click each expandable section for more information.